CVE-2022-32550 | Vulnerability Database | Aqua Security

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

Affected Software

Name	Vendor	Start Version	End Version
1password	1password	7.0 (including)	7.9.3 (excluding)
1password	1password	7.0 (including)	7.9.5 (excluding)
1password	1password	7.0 (including)	7.9.6 (excluding)
1password	1password	7.0 (including)	7.9.829 (excluding)
1password	1password	8.0 (including)	8.7.1 (excluding)
1password	1password	8.0 (including)	8.8.0-94 (excluding)
1password	1password	8.0 (including)	8.8.0-104 (excluding)
1password_in_the_browser	1password	*	2.3.4 (excluding)
Command-line	1password	2.0.0 (including)	2.3.0 (excluding)
Command_line_interface	1password	1.0.0 (including)	1.12.5 (excluding)
Connect	1password	*	1.5.3 (excluding)
Scim_bridge	1password	*	2.3.2 (excluding)

References

https://support.1password.com/kb/202206/
https://support.1password.com/kb/202206/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-32550
CWE	https://cwe.mitre.org/data/definitions/.html